Security News > 2022 > August > Cloned Atomic Wallet website is pushing Mars Stealer malware
A fake website impersonating the official portal for the Atomic wallet, a popular decentralized wallet that also operates as a cryptocurrency exchange portal, is, in reality, distributing copies of the Mars Stealer information-stealing malware.
The phony website was disclosed by a malware researcher known as Dee on Monday, but at the time of writing this, it remains online, serving copies of the said malware.
Clicking on the Windows button will download a ZIP file named "Atomic Wallet.zip," which contains malicious code that installs the Mars Stealer infection.
Mars Stealer is a recently-emerged info-stealer that targets account credentials stored on web browsers, cryptocurrency extensions and wallets, and two-factor authentication plugins.
In March, we reported about Mars Stealer being distributed by malvertizing campaigns on Google Ads that abused the OpenOffice brand.
The loader downloads a copy of Mars Stealer from a Discord server and drops it on %LOCALAPPDATA% on the host machine.